Analyst - SOC Monitoring

Job Description

Job Purpose

To monitor, detect, analyze, and respond to security incidents and threats in an organization's information systems and network infrastructure. You aim to protect sensitive data, uphold network security, and maintain organizational compliance with industry regulations and standards.By utilizing cutting-edge security tools, techniques, and procedures, the SOC analyst plays a critical role in preventing, mitigating, and resolving cyber threats, ensuring the overall security of the organization's digital environment.

• Monitor and analyze security alerts from SIEM, EDR, NDR, IDS/IPS, firewalls, endpoint protection, and other security technologies.
• Investigate suspicious activities and security incidents and escalate as necessary.
• Conduct initial triage of security events to determine impact and severity.
• Perform event correlation using information from various sources within the organization to gain situational awareness and determine the effectiveness of observed attacks.
• Detect Incidents by monitoring the SIEM console, Rules, Reports, and Dashboards.
• Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, distinguishing these incidents and events from benign ones.
• Report the confirmed incident as per the Incident management process.
• Notify the Senior SOC Analyst on suspected/anomaly events for further analysis.
• Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause an ongoing and immediate impact on the environment.
• Monitor the health of the SIEM tool and report any issues/incidents/malfunctions to the SOC SIEM administrator.
• Assist Senior SOC Analysts and security specialists in incident investigation and workflow.
• Assist in the development and tuning of SIEM rules, dashboards, and playbooks.
• Provide support for incident response efforts including forensic analysis and root cause determination.
• Assist the Senior SOC Analyst and internal team in incident detection and resolution.
• Communicate and provide necessary information to external teams for timely incident resolution.
• Stay up to date on the latest cyber threats, attack techniques, and vulnerabilities.
• Contribute to continuous improvement of SOC processes and procedures.

• High-level understanding of TCP/IP protocol and OSI Seven Layer Model.
• Knowledge of security best practices and concepts.
• Knowledge of Windows and/or Unix-based systems/architectures and related security.
• Intermediate level of knowledge of LAN/WAN technologies.
• Must have a solid understanding of information technology and information security.
• Good understanding of defense-in-depth analysis techniques.
• Knowledge of log monitoring, analysis, and correlations.
• Knowledge of Incident detection, reporting, and responding.
• Understanding of security threats and vulnerabilities.
• Ability to use SIEM/EDR/NDR console to create/analyze Rules, Reports, and Dashboards.
• Sound knowledge of the functioning of IPS.
• Intermediate knowledge of using common security products like SIEM, EDR, NDR, IPS, Antivirus, File Integrity Monitoring, and DLP.

• Highly result oriented and able to work independently.
• Good analytical, technical, written, and verbal communication skills.
• Ability to multi-task in a fast-paced and demanding work environment.
• Strong team player.
• Comfortable with a high-tech work environment and constantly learning new tools and innovations.
• Flexibility to work all shifts and willingness to assist the team with overtime.
• Self-motivated, curious, and knowledgeable about information security news and current events.